On Monday, I managed to get out of Systems lab an hour early, which was fantastic, because I could actually go compete at bridge club. I was paired with a guy named Alex, who hasn’t played in 20 years and didn’t remember any conventions. Consequently, we bid everything naturally. We had Stayman, Blackwood, and that’s it. Alex was proud that he remembered weak 2’s. Needless to say, it was a bit of a challenge to bid. However, I think things worked out ok. As usual, we took last, but I think I played pretty well, all in all.
On Wednesday, Bruce Schneier, one of the worlds leading security experts, came to speak to us. His talk was absolutely fascinating! One of the more important things he said, in my opinion, is that when you assess any potential security measure, you should ask yourself these 6 questions:
1) What are we trying to protect?
2) What are the risks?
3) How effective is the countermeasure?
4) What problems will the countermeasure bring about?
5) What are the costs of the countermeasure?
6) Is it worth it?
One example he gave is bullet proof vests. We are trying to protect our bodies from being shot, and bullet proof vests are a very effective way of doing that. There aren’t any big problems with bullet-proof vests, except that if you wore one all the time you’d get some pretty funny looks from people. The costs are in money, time, comfort, and maybe a little mobility (can you easily move your body in one?). For the average person, the vest is not worth these costs, which is why the average person on the street doesn’t wear bullet-proof vests on a day-to-day basis.
If you follow this analysis, a lot of security measures our government has implemented are useless (our color-coded alert system, ousting Saddam, electronic voting, etc). This leads us to the conclusion that very rarely are security decisions made for actual security reasons. In general, you should watch the entities involved in a decision, and look at their agendas. For example, in airports, you now must have your photo ID checked when you buy your ticket, and again when you go through security. This doesn’t make the planes safer at all (whether or not I still have my photo ID 10 minutes later has no bearing on how dangerous I am). However, this was passed with the airline’s backing because it solves a different problem of theirs: apparently there used to be a market for scalped non-refundable tickets (if I bought a non-refundable ticket but canceled my trip, I could sell the ticket to someone else). With the 2nd ID check, the airlines cut down on that drasticly, under the guise of “security,” and the public thinks it was a government decision, which works out really nicely for the airlines.
All in all, it was a really neat talk. I’m now getting Schneier’s monthly e-newsletter, which should be pretty neat. If you get a chance to hear this guy speak, I highly recommend going to see him.